Configure SAML SSO between DigiCert and Google Workspace
This guide walks you through setting up Single Sign-On (SSO) between your DigiCert® account and Google Workspace using SAML 2.0.
You will switch between DigiCert and Google Workspace tabs to exchange metadata and URLs. Once setup is complete, users in your account can sign in to DigiCert using their Google Workspace credentials, either from the Google Workspace dashboard or the DigiCert sign-in page.
For more details about Google Workspace configuration, refer to Google Workspace.
Before you begin
To complete this setup, you need administrative access in both DigiCert and Google Workspace:
Account admin user group required in DigiCert account.
Application Administrator or equivalent role required in Google Workspace.
Access DigiCert's SAML configuration page:
In DigiCert® account, select the Accounts icon > Sign-in methods.
Select Single sign-on with SAML.
Leave this window open.
In another tab, create a SAML application for your DigiCert account:
Sign in to the Google Admin console.
In the left-hand navigation menu, navigate to Apps > Web and mobile apps.
In the App name field, enter DigiCert account.
In the Description field, enter a custom description.
Example: DigiCert's single login experience
In the App icon field, upload the DigiCert icon.
Select Continue.
In the Download IdP metadata section, select Download metadata.
Select Continue.
Leave this window open.
Back in your DigiCert® account tab, upload the metadata file that you downloaded in Step 2 and copy the SSO URL you'll need to complete configuration in Step 4.
In the Connect your IdP to DigiCert section, select Upload IdP metadata.
In the Connect DigiCert to your IdP section, copy the SSO URL.
In the Enable/Disable SSO with SAML section, toggle to enable SSO.
Select Save configuration.
Back in your Google Workspace tab, enter the SSO URL that you copied from DigiCert® account in Step 3, and complete the remaining fields.
Paste the SSO URL in both of these fields:
ACS URL
Entity ID
In the Name ID format field, select Email.
In the Name ID field, keep the default Basic information > Primary email.
Select Continue.
In the Attributes section, select Add mapping.
Below the Google Directory attributes field, select Primary email.
Below the App attributes field, type email.
Select Finish.
Ensure that all users in your DigiCert® account are assigned to the SAML application in Google Admin console:
Go to Apps > Web and mobile apps.
Select the DigiCert app you just created.
In the User access section, select View details.
In the Organizational units section, select the group you want to assign.
In the Service status field, select the radio button next to On.
Select Save.
Dica
Need help? Create a Organizational Unit in Google Workspace.
Verify that you are able to sign in using your SAML application from Google Admin console:
Go to Apps > Web and mobile apps.
Select the DigiCert app you just created.
On the DigiCert app overview, select TEST SAML LOGIN.
In the Can't test SAML login modal, select Allow access.
In the Service status field, select the radio button next to ON for everyone.
Select Save.
Return to the DigiCert app overview, select TEST SAML LOGIN.
Dica
Your SAML app is configured correctly if you are redirected to DigiCert account and asked to complete two-factor authentication (2FA).
If you are not redirected to the 2FA page in DigiCert account, please compare your app settings to the instructions above or contact DigiCert support for assistance.
DigiCert logos
Use of DigiCert's logo must at all times comply with DigiCert brand guidelines, including the DigiCert Trademark Usage Guidelines available at https://www.digicert.com/legal-repository/ (as updated from time to time).
DigiCert logo's for SSO configuration.